Xhs Post Factory

Security checks across malware telemetry and agentic risk

Overview

This looks like a straightforward Xiaohongshu formatting skill that writes predictable output files, with an overwrite-risk note but no evidence of malicious behavior.

Before using it in an important folder, check whether `xhs-post.md` or `xhs-post.json` already exist, or run it on a copy of the input file to avoid accidental overwrite.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly writes `xhs-post.md` and `xhs-post.json` into the input file's directory, which modifies user-controlled filesystem locations without requiring confirmation or warning. While the outputs are predictable rather than arbitrary, this can still overwrite existing files, create unintended artifacts in sensitive directories, or violate user expectations about read-only processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal